IETF Logo Mail Archive

Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml

Eric Rescorla <ekr@rtfm.com> Sun, 21 August 2016 16:52 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5455412D0B0 for <dispatch@ietfa.amsl.com>; Sun, 21 Aug 2016 09:52:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SnC0JY7Tgw7u for <dispatch@ietfa.amsl.com>; Sun, 21 Aug 2016 09:52:04 -0700 (PDT)
Received: from mail-yw0-x231.google.com (mail-yw0-x231.google.com [IPv6:2607:f8b0:4002:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5168D12B04B for <dispatch@ietf.org>; Sun, 21 Aug 2016 09:52:04 -0700 (PDT)
Received: by mail-yw0-x231.google.com with SMTP id z8so39328764ywa.1 for <dispatch@ietf.org>; Sun, 21 Aug 2016 09:52:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XgzgGpAp7xwRCmA2lKyawDs4nCiVqHrL6Cj105fxNPU=; b=MpoxWSz4hya5v2lMd1w9wWsellhzRIDnsvfmeD+uTvwhyHt1Ddvtwk/7ggVyjGfhgW j8LLieUe/OKDODDdDRgeP5OxCW+kg/j3F/qbAS/rHHDUjwcbn2KVajlBOo7AmnZ1Rne+ gEEGn4brpMiGRjf3upGyLL6KRy87Th70bzutQsa4chykvliQCeVYpOSVTxwzLaXuJHQW WYQg1bTxqKvKMwx07t46l33a5JrdwVaTQgevlyxXIfcQlLJjhVeK4HU5Jq4XepsQlB98 bstGMIMeEg7A/JWVtPh38jXV9bdHQXn/FM8kqX5o2IecJsPfiw53zqxGGdAsgCZ6g4LI B4VA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XgzgGpAp7xwRCmA2lKyawDs4nCiVqHrL6Cj105fxNPU=; b=COOe8LPV8rlge6G/RSZW9Uy1Kkz1EzlANPSpdWDzi9KgBw4K2+85W5laPhpyBgDjNr GidQku1JtSr62Id2GXsxH34sFtij679/a//R/8qaRf1CxABJnnXO79AIqZW3bG5swxN9 jEpIseuu2M6e6DPINAjx8z5O8teY5eDBsEjA+x23IrLuIGx0cFDJw3ug1xAoloc2//l8 K8o6tLn5m1Wz0cSSRm1iFNR/JDVKH9Yq85qxmo65/OBLr3pxjNJIzikw8hn9AdTY2QW2 RsdnYoeIXhTgHAYWzvmE4WkWNHd9kobR5mUz33sSaqBO9773ygB3U+7MKry3OfucUuZh v7og==
X-Gm-Message-State: AEkooutJomDrQMw+I/ZhhSzdMJsA78YibjucQgqUo1cirRwjmKfh09uP0APW9nYGWSZ/8hfTmSNNdK7YD138hQ==
X-Received: by 10.129.161.129 with SMTP id y123mr15306609ywg.214.1471798323573; Sun, 21 Aug 2016 09:52:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.48.193 with HTTP; Sun, 21 Aug 2016 09:51:23 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.11.1608211122060.45425@ary.lan>
References: <alpine.OSX.2.11.1607221253020.13624@dhcp-b1bb.meeting.ietf.org> <CABcZeBMV_2d6RBi4EsvtLtyOBeM2nD3u30O-SZqdmGGBzs6y_g@mail.gmail.com> <alpine.OSX.2.11.1608211122060.45425@ary.lan>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 21 Aug 2016 09:51:23 -0700
Message-ID: <CABcZeBOvc0pO9=+SM3P5cc3JPs9i9O3Peaf2wwKbLGoQQvpsvA@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="001a114f8db24224d8053a97c00c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/Cf4ZJjMcVyCYn6rf4rZ6YoaKgag>
Cc: Dispatch WG <dispatch@ietf.org>
Subject: Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Aug 2016 16:52:06 -0000

On Sun, Aug 21, 2016 at 9:39 AM, John R Levine <johnl@taugh.com> wrote:

> This document should define precisely what combination of these
>> elements is sufficient for the client to accept the certificate.
>>
>
> If only.  Existing practice for PGP seems to be rather different from what
> the theory is ("if it doesn't look totally bogus, use it" vs "check and
> score WoT signatures against your private list") and for S/MIME it depends
> on what set of CAs are in your MUA, which in my experience is generally
> pretty stale.
>
> Adding to the confusion, some people appear to believe that a domain is a
> reliable authority for certs for its email addresses.  (See for example the
> third paragraph in the introduction in RFC 7929 which makes no sense
> otherwise.)  Others of us don't, since the relationships between domain
> operators and mail users are incredibly variable.
>
> If you are in the domain is authoritative camp, you can use
> DNSSEC->SRV->https as a chain of trust for the cert, or for S/MIME you can
> use DNSSEC->TLSA as a chain of trust for the signature.  If you aren't, you
> can do whatever you do now and the DNSSEC doesn't get you anything beyond
> the usual anti-spoofing.
>
> If people agree these are the two plausible scenarios, I could easily add
> text describing them.  I don't see any chance of deciding on only one or
> the other.


Yeah, that seems like it might be OK in some sort of informational document
describing common practice, but this document is asking for Standards
Track, and in that situation it seems like actually specifying one class of
behavior is the superior direction.


It's somewhat odd to encourage TLSA records (at SHOULD level) but a
>> WebPKI valid certificate at MAY level. This is pretty much the
>> opposite of standard practice for HTTPS on the Internet today. It's
>> not like it's particularly onerous for someone running a Web server to
>> get WebPKI valid certs.
>>
>
> Good point, MUST for https seems obvious.


I don't just mean MUST for HTTP, but also encouraging the use of valid
certs.

>
>
> S 5.
>> This section also needs to be fleshed out. Questions include:
>>
>> - You say "a blob of binary data". Do you mean that they are DER? That
>>  seems implied, but it could be compressed DER or something. This
>>  needs to be specified.
>>
>
> That's supposed to be whatever RFC 4387 did.  Looking at it, it's not
> clear to me what encoding it expects, so I agree it could use some
> clarification.
>
> - What is the relationship between the multiple certificates that are
>>  provided? Are they alternatives? Are some of them intermediates that
>>  can be used to validate the EE certificate (this is commonly
>>  required)? If so, which one is the EE cert?
>>
>
> Again, this is out of RFC 4387.  I was under the impression that the
> client could look at the certs and see what chained to what.


The text in 4387 is not maximally clear. It appears that perhaps the idea
is that this is just EE certs. If it's a mix of multiple EE and chain
certs, it's not reasonable to expect the RP to make sense of it. In any
case, this text should be clear.


- Are there any requirements about the format of the various subject
>>  name fields? Say I ask for "bob@example.com" and get a cert for
>>  "alice@example.invalid". What do I do?
>>
>
> RFC 4387 again.


It seems like a citation to the relevant section would be in order here.


> This section about how to publish domain-operated CA certificates kind
>> of seems like an add-on and needs to be fleshed out quite a bit
>> more. For instance, why aren't you defining the same mechanism for
>> PGP, as they seem analagous in this case. If you want to define TLSA
>> records for CA certs for e-mail that seems like it should probably be
>> the subject of a separate document.
>>
>
> I suppose I could wave my hands and say that the domain publishes an
> OPENPGPKEY record with postmaster@<domain>, but it's not clear to me
> whether anyone would care.  S/MIME signatures are (as I understand it)
> supposed to be deterministic, if you trust the signer, you trust the cert,
> while WoT is squishy.  As far as putting it in a separate document, I
> wouldn't object but it's not clear what the advantage would be.


As usual, functional decomposition.

-Ekr


>
>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail.
>

v2.23.0 | Report a Bug | By Email